AccessControl: Document orgs roles and orgs endpoints (#42171) (#42183)

* AccessControl: Document `orgs` roles and `orgs` endpoints

* Use maintainer instead of manager

(cherry picked from commit a93e649af5)

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
This commit is contained in:
Grot (@grafanabot) 2021-11-24 05:09:22 -05:00 committed by GitHub
parent dcbf9ba7af
commit 2f262db612
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 82 additions and 10 deletions

View File

@ -35,16 +35,16 @@ The reference information that follows complements conceptual information about
| `fixed:licensing:reader` | `licensing:read`<br>`licensing.reports:read` | Read licensing information and licensing reports. |
| `fixed:licensing:writer` | All permissions from `fixed:licensing:viewer` and <br>`licensing:update`<br>`licensing:delete` | Read licensing information and licensing reports, update and delete the license token. |
| `fixed:provisioning:writer` | `provisioning:reload` | Reload provisioning. |
| `fixed:orgs:reader` | `orgs:read`<br>`orgs.quotas:read` | Read the organization and its quotas. |
| `fixed:orgs:writer` | All permissions from `fixed:orgs:reader` and <br> `orgs:write`<br>`orgs:delete`<br>`orgs.quotas:write` | Create, read, write, or delete an organization. Read or write its quotas. |
| `fixed:current.org:reader` | `orgs:read`<br>`orgs.quotas:read` | Read the current organization, such as its ID, name, address, or quotas. |
| `fixed:current.org:writer` | All permissions from `fixed:current.orgs:reader` and <br> `orgs:write`<br>`orgs.quotas:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write` | Read the current organization, its quotas, or its preferences. Update the current organization properties, or its preferences. |
| `fixed:organization:reader` | `orgs:read`<br>`orgs.quotas:read` | Read an organization and its quotas. |
| `fixed:organization:writer` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write` | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences. |
| `fixed:organization:maintainer` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write` | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally. |
| |
## Default built-in role assignments
| Built-in role | Associated role | Description |
| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:orgs:reader`<br>`fixed:orgs:writer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
| Admin | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:current.org:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br> | Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Editor | `fixed:datasources:explorer` | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Viewer | `fixed:datasources:id:reader` | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Built-in role | Associated role | Description |
| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
| Admin | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br> | Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Editor | `fixed:datasources:explorer` | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Viewer | `fixed:datasources:id:reader`<br>`fixed:organization:reader` | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
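Review bot: the Viewer row now carries `fixed:organization:reader`, which per the row above grants `orgs.quotas:read` as well as `orgs:read`; please confirm that exposing quota values to every Viewer is intended, and if so say so in the role's description ("Read an organization and its quotas") so the widened default is explicit. Also drop the stray `| |` row between `fixed:organization:maintainer` and the `## Default built-in role assignments` heading; it renders as an empty table row, and a blank line before the heading is what the surrounding tables use.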

View File

@ -20,6 +20,14 @@ the admin of all organizations API only works with basic authentication, see [Ad
`GET /api/org/`
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| --------- | ----- |
| orgs:read | N/A |
**Example Request**:
```http
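Review bot: `N/A` in the Scope column is never defined on the page, so a reader cannot tell whether it means the action is evaluated without any scope or that it is implicitly bound to the current organization. Suggest a one-line note next to the first occurrence, e.g. `N/A: the action has no scope and is evaluated on its own`, so the `users:*`-scoped rows later in the file read consistently.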
@ -94,6 +102,14 @@ Accessible to users with org admin role, admin in any folder or admin of any tea
Mainly used by Grafana UI for providing list of users when adding team members and
when editing folder/dashboard permissions.
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| -------------- | -------- |
| org.users:read | users:\* |
**Example Request**:
```http
@ -186,6 +202,14 @@ Content-Type: application/json
`PUT /api/org`
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| ---------- | ----- |
| orgs:write | N/A |
**Example Request**:
```http
@ -259,6 +283,14 @@ is called `admin` and has permission to use this API).
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| --------- | ----- |
| orgs:read | N/A |
**Example Request**:
```http
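Review bot: the link targets disagree within this hunk: the line above points readers to `[introduction](#admin-organizations-api)` while the new "Required permissions" text refs `{{< ref "#organization-api" >}}`, which is the non-admin section. Point the ref at `#admin-organizations-api` for all admin endpoints. In the same table, `orgs:read` has no "Needs to be assigned globally" note, whereas the sibling admin read endpoints further down (`| orgs:read | N/A | Needs to be assigned globally. |`) do; either add the note here or explain why get-by-id differs.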
@ -293,6 +325,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope | Note |
| --------- | ----- | ------------------------------ |
| orgs:read | N/A | Needs to be assigned globally. |
**Example Request**:
```http
@ -327,6 +367,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope | Note |
| ----------- | ----- | ------------------------------ |
| orgs:create | N/A | Needs to be assigned globally. |
**Example Request**:
```http
@ -362,6 +410,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope | Note |
| --------- | ----- | ------------------------------ |
| orgs:read | N/A | Needs to be assigned globally. |
**Example Request**:
```http
@ -396,6 +452,14 @@ Content-Type: application/json
Update Organization, fields _Address 1_, _Address 2_, _City_ are not implemented yet.
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| ---------- | ----- |
| orgs:write | N/A |
**Example Request**:
```http
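Review bot: `orgs:write` is listed without the "Needs to be assigned globally" note used for `orgs:create` in the create hunk, yet the roles table in the other file assigns `orgs:write` to `fixed:organization:writer`, which is a default assignment of the per-organization Admin built-in role. State explicitly whether an org Admin holding `orgs:write` in one organization can update a different organization through this admin endpoint, or add the same Note column and "Needs to be assigned globally." text as on the create endpoint.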
@ -423,6 +487,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| ----------- | ----- |
| orgs:delete | N/A |
**Example Request**:
```http
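Review bot: `orgs:delete` is shown with only Action and Scope columns, but in the roles file it is carried solely by `fixed:organization:maintainer`, whose description says "This role needs to be assigned globally." Add the Note column with "Needs to be assigned globally." here to match the create endpoint, so the delete path does not look less restricted than create in the docs.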